{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6265", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-04-14T05:18:04.414Z", "datePublished": "2026-04-27T13:00:10.309Z", "dateUpdated": "2026-04-27T13:58:14.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-27T13:00:10.309Z"}, "title": "Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2", "datePublic": "2026-04-27T11:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-278", "description": "CWE-278 Insecure preserved inherited permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Cerberus", "product": "Cerberus FTP Server", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "2025.4.2", "versionType": "custom"}, {"status": "unaffected", "version": "2026.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.<p>This issue has been resolved in Cerberus FTP Server: 2026.1</p>"}]}], "references": [{"url": "https://www.cerberusftp.com/releasenotes/", "tags": ["release-notes"]}, {"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "credits": [{"lang": "en", "value": "Sharan Patil with Reversec", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"references": [{"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:58:10.924454Z", "id": "CVE-2026-6265", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:58:14.228Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6265", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T13:58:10.924454Z"}}}], "references": [{"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:58:05.875Z"}}], "cna": {"title": "Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sharan Patil with Reversec"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cerberus", "product": "Cerberus FTP Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2025.4.2"}, {"status": "unaffected", "version": "2026.1"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2026-04-27T11:00:00.000Z", "references": [{"url": "https://www.cerberusftp.com/releasenotes/", "tags": ["release-notes"]}, {"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1", "supportingMedia": [{"type": "text/html", "value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.<p>This issue has been resolved in Cerberus FTP Server: 2026.1</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-278", "description": "CWE-278 Insecure preserved inherited permissions"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-04-27T13:00:10.309Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6265", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:58:14.228Z", "dateReserved": "2026-04-14T05:18:04.414Z", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "datePublished": "2026-04-27T13:00:10.309Z", "assignerShortName": "NCSC-FI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD72DC32-09DA-4CD4-BACE-23F37E297D9D", "versionEndExcluding": "2026.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1"}], "id": "CVE-2026-6265", "lastModified": "2026-05-07T02:18:35.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2026-04-27T14:16:51.153", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "tags": ["Vendor Advisory", "Exploit"], "url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"}, {"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "tags": ["Release Notes"], "url": "https://www.cerberusftp.com/releasenotes/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"], "url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-278"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.4.2]"}}, {"platform": ["windows"], "status": "unaffected", "versions": {"scheme": "generic", "value": "2026.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Cerberus FTP Server", "source": "cna", "vendor": "Cerberus"}, "product": "cerberus_ftp_server", "vendor": "cerberus"}], "analysis": {"en": {"generated_at": "2026-04-28T04:27:07.498310+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch by upgrading to Cerberus FTP Server 2026.1 or later. ", "If an upgrade cannot be performed immediately, audit and correct the file system permissions on the server, ensuring that no inherited ACL grants excessive rights and that the Cerberus service runs under a dedicated low\u2011privilege account. ", "Remove or restrict administrative privileges from local user accounts that have access to the FTP server to enforce the principle of least privilege."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of Cerberus FTP Server up to and including version 2025.4.2 running on Windows are susceptible. The vulnerability has been fixed in version 2026.1 and later releases.", "description_and_impact": "Cerberus FTP Server contains an insecure permission handling flaw that allows local users to elevate privileges by exploiting incorrectly preserved inherited file permissions. The vulnerability can lead to unauthorized access to restricted files and configuration data, potentially compromising the integrity and confidentiality of the system. The flaw is based on CWE-278 \u2013 Insecure Permissions.", "risk_and_exploitability": "The CVSS score of 7.3 marks this as a high\u2011risk issue. EPSS data are not available, and it is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation to date. The likely attack vector is local; an attacker with local access can manipulate permissions to gain elevated rights. Although no public exploit is known, the severity and the nature of the flaw warrant immediate remediation."}}}}, "created": "2026-04-28T00:45:16.945845+00:00", "updated": "2026-04-28T04:30:21.153014+00:00", "vendors": ["cerberus", "cerberus$PRODUCT$cerberus_ftp_server"]}